Key Takeaways: The Forrester New Wave for Extended Detection and Response, Q4 2021

Recently, Cambridge MA-based analyst house Forrester Research released the latest iteration of its flagship Forrester New Wave Report for Extended Detection and Response, Q4 2021.

Researchers Allie Mellen, Joseph Blankenship, Alexis Bouffard, and Peggy Dostie created a 10-criteria report analyzing the market. Through these criteria, they identify the seven most significant vendors. The vendors evaluated include Bitdefender, Cisco, CrowdStrike, Cybereason, Elastic, FireEye, Kaspersky, McAfee, Microsoft, Palo Alto Networks, SentinelOne, Sophos, Trend Micro, and VMware.

The Wave Report describes Forrester’s findings on how each provider meets its researchers’ evaluation criteria. Using this information, Forrester’s researchers place each vendor on their Wave; the graph, in turn, positions each vendor as a Leader, Strong Performer, Contender, or Challenger relative to the others.

The editors of Solutions Review read the full report, available here. Here’s what we found.

Trend Micro led the charge in the Leaders segment of the report via its Trend Micro Vision One solution, with Forrester complimenting its strong cross-telemetry detection, investigation, and response capabilities. While reporting and custom detection features leave something to be desired, the researchers complimented Trend Micro’s security suite as being robust and easy to operate. Microsoft, through its Microsoft Defender solution, offers robust, native endpoint, identity, cloud, and Office 365 correlation. Forrester noted the company’s tailored detection, investigation, response, and mitigation capabilities, but also highlighted that clients do not find Microsoft’s customer support sufficient at all.

Among the Strong Performers, Palo Alto Networks’ combination of native endpoint, network, and cloud ingestion through Cortex XDR helps elevate it above its somewhat lacking response capabilities. CrowdStrike currently offers an aggressive roadmap for a fully fledged XDR solution but still needs to bring all of its offerings together into a cohesive suite of tools.

While Bitdefender also has some way to go with its response capabilities, its endpoint and native network telemetry alongside transparent product security capabilities make it a reliable contender for XDR. SentinelOne’s Singularity Complete solution offers great customizability and is building out its telemetry capabilities, although its XDR inputs are currently limited.

Cybereason, the first of four Contenders in the report, offers early-stage, services-led extended capabilities through the Cybereason XDR Platform and is a fit for companies looking for hybrid XDR. VMware, another Contender, impressed the Forrester researchers with its partner network and vision for XDR through VMware Carbon Black Cloud, even if its native telemetry capabilities for detection, investigation, and response are lacking.

The next two Contenders, Elastic and McAfee, occupy exactly the same position on the Forrester Wave. Elastic Security delivers strong customizable SIEM and open-source capabilities but still needs to reconcile its vision with its offering, while McAfee’s MVISION XDR provides a unifying security analytics layer for its portfolio of security tools but requires expanded investigation and response features.

Kaspersky sits just on the rim of the Challengers segment, leading the category through its Anti Targeted Attack Platform; its offerings heavily target the EMEA region and require more telemetry, but can aggregate alerts from endpoint and email in one place. Sophos has consolidated its tech stack for querying with native endpoint, NGFW, and email telemetry through Sophos XDR, but it still needs to align the product with what customers want.

Cisco has yet to expand its Cisco SecureX tool beyond orchestration of response, but it is a good fit for existing Cisco customers who want to move into the field of XDR. Finally, FireEye XDR is primarily a SIEM tool that is currently working through a split with its XDR vendor, so while its SIEM solution is noteworthy and should be considered, where its XDR offerings will go from here remains up in the air.

Read the Forrester New Wave for Extended Detection and Response, Q4 2021 here.